Manjunath Mandya Surendrakumar created FLUME-3356:
-----------------------------------------------------
Summary: Probable security issue in Flume
Key: FLUME-3356
URL: https://issues.apache.org/jira/browse/FLUME-3356
Project: Flume
Issue Type: Bug
Affects Versions: 1.9.0
Reporter: Manjunath Mandya Surendrakumar
While security scanning one of my projects through WhiteSource I encountered a
vulnerability by ID *CVE-2019-10202* [1] from Flume 1.9.0
Further investigating on this, the issue was from one of your used dependency
Avro 1.7.4 which is vulnerable due to the use of *jackson-core-asl* and
*jackson-mapper-asl*. This issue from project Avro is fixed in version 1.9.2 [2]
Is this vulnerability affects Flume or Is this a known vulnerability?
Is there a plan to release a new version of Flume with updated Avro?
# [https://nvd.nist.gov/vuln/detail/CVE-2019-10202]
# [https://mvnrepository.com/artifact/org.apache.avro/avro/1.9.2]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
